How do I get rid of the antispyware message?

I have this problem: for some time now an antispyware program has been attacking me. When you click, the program starts downloading. I downloaded it once and a scan started, which showed that I have some viruses, although when I scanned with NOD they weren't there. Then I read on the net that this is how fake programs show up. When you install it, it creates viruses itself and then finds them, and then you have to register and pay, which is out of the question. So I just don't know how to get rid of it so that it stops popping up.


You've got some junk on your computer. Have a look at this topic: viewtopic.php?f=16&t=36654

I don't know. I think my computer is abnormal: some programs wouldn't open at all after I downloaded them, and with the ones that did, everything went OK except SmitFraudFix; when the scan started, at some point the computer reset. The ones that ran fine didn't achieve anything anyway, it's still there :frowning:

And what about ComboFix? Install it and post the logs.

That one won't start for me; I click and click and nothing happens.

Change the name from combofix to anything else and try again.

Use Malwarebytes’ Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html and show the log

:slight_smile:

Unfortunately, while it's scanning, at some point the computer resets. I don't know what to do about it; it's annoying me more and more.

Download System Repair Engineer

http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html

scan and post the log

:slight_smile:

nta, does a bluescreen appear then? Look closely, because it will be visible only very briefly.

I managed to scan with System Repair Engineer

and here's the log:

2008-11-10,13:08:28


System Repair Engineer 2.7.0.1210

Smallfrogs (http://www.KZTechs.com)


Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed


Follow item(s) have been selected:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Running Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    HOSTS File

    Process Privileges Scan

    Scheduled Tasks

    API HOOK

    Hidden Process



Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  [STMicroelectronics]
  [France Télécom R&D]
  [File is missing]
<"C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot> [File is missing]
<"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
<"E:\NOD\egui.exe" /hide /waitservice> [(Verified)"ESET, spol. s r.o."]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Publisher]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]

    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]

[HKEY_CURRENT_USER\Control Panel\Desktop]
  [(Verified)Microsoft Windows Publisher]


==================================

Startup Folders

[Adobe Reader Speed Launch]
 C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]>

[Uruchom przeglądarkę ACDSee]
 C:\PROGRA~1\ACDSYS~1\ACDSee\9.0\ACDSee9.exe [ACD Systems Ltd.]>


==================================

Services

[Ares Chatroom server / AresChatServer][Stopped/Manual Start]


[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]


[Eset Service / ekrn][Running/Auto Start]


[France Telecom Routing Table Service / FTRTSVC][Running/Auto Start]


[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>

[NOD32 Kernel Service / NOD32krn][Stopped/Auto Start]

  <"C:\Program Files\Eset\nod32krn.exe"><(File is missing)>


==================================

Drivers

[eamon / eamon][Running/Auto Start]


[easdrv / easdrv][Running/System Start]


[epfwtdir / epfwtdir][Running/System Start]


[MBAMSwissArmy / MBAMSwissArmy][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys>

[nv / nv][Running/Manual Start]


[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\PCAMPR5.SYS>

[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\PCANDIS5.SYS>

[Padus ASPI Shell / pfc][Running/Manual Start]


[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]


[PxHelp20 / PxHelp20][Running/Boot Start]

  <\SystemRoot\System32\Drivers\PxHelp20.sys>

[Secdrv / Secdrv][Stopped/Manual Start]


[ATM/ADSL miniport / Stmatm][Running/Manual Start]


[ADSL Modem USB Service / TaurusUsb][Running/Manual Start]
<>

[Kontroler VIA AC'97 Audio (WDM) / VIAudio][Running/Manual Start]



==================================

Browser Add-ons

[Ask Toolbar]

  {3041d03e-fd4b-44e0-b742-2d9b88305f98} 

[Java Plug-in 1.4.0_03]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} 

[Java Plug-in 1.4.0_03]

  {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} 

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Windows Genuine Advantage Validation Tool]

  {17492023-C23A-453E-A040-C7C580BBF700} 

[AskBar BHO]

  {201F27D4-3704-41D6-89C1-AA35E39143ED} 

[]

  {25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} <, >

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} 


==================================


File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE OK. ["%1" %*]

.COM OK. ["%1" %*]

.PIF OK. ["%1" %*]

.REG OK. [regedit.exe "%1"]

.BAT OK. ["%1" %*]

.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]

.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK OK. [{00021401-0000-0000-C000-000000000046}]


==================================

Winsock Provider

N/A


==================================

Autorun.Inf

N/A


==================================

HOSTS File

127.0.0.1 localhost


==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1684, C:\PROGRA~1\NEOSTR~1\TASKBARICON.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1476, C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1516, C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1912, C:\PROGRA~1\NEOSTR~1\TOASTER.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1156, C:\PROGRA~1\NEOSTR~1\INACTIVITY.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1904, C:\PROGRA~1\NEOSTR~1\POLLINGMODULE.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 120, C:\WINDOWS\SYSTEM32\ALERTM~1\ALERTM~1.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1140, C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2172, D:\ZOGRAMY\EVIL PLAYER\EVIL_PLAYER.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2256, C:\DOCUMENTS AND SETTINGS\NTA52\PULPIT\USDOWNLOADER\USDOWNLOADER.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2312, D:\ZOGRAMY\OPERA\OPERA.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3392, C:\DOCUMENTS AND SETTINGS\NTA52\PULPIT\SRENGLDR.EXE]


==================================

Scheduled Tasks

N/A


==================================

API HOOK

N/A


==================================

Hidden Process

    [1664] C:\WINDOWS\system32\brastk.exe


==================================

Oh, and a message also pops up saying that this is AppInit_DLLs, only it can't be removed.

Why did you give up the fight to get ComboFix running?

Download it from another site, and if necessary disable your antivirus program for the duration of the scan.

And post the logs.

Run System Repair Engineer, tab System Repair >> Browser Add-ons >> find and remove

Open Notepad and paste

save as plik.reg >> all files >> merge with the registry >> restart


a file with an icon like this will be created


which you double-click, confirm that you want to add it to the registry, then restart

Download and run The Avenger tool. Select the text given on the forum for removal,

copy it, click Paste Script from Clipboard, then Execute. Confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum

Scan with Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 … It!+4.44.5

Use Malwarebytes’ Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html quick scan - if it finds something, remove it - show the log

then try to do a full Malware scan

:slight_smile:

ak6,

It can't be done. When I started ComboFix it does scan, but at some point the computer resets, somewhere around stage 50.

Leon$,

Everything went well up to a certain point; everything was OK up to installing The Avenger and making the log, that went easily:

Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com


Platform: Windows XP


*******************


Script file opened successfully.

Script file read successfully.


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:


Rootkit scan active.

No rootkits found!


File "C:\WINDOWS\system32\brastk.exe" deleted successfully.

File "C:\WINDOWS\system32\karna.dat" deleted successfully.


Error: folder "C:\Program Files\AskBarDis" not found!

Deletion of folder "C:\Program Files\AskBarDis" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist



Completed script processing.


*******************


Finished! Terminate.

Then it got worse: I installed Dr.WEB CureIt!, the scan started and the computer reset.

I started Malwarebytes’ Anti-Malware, it scanned and also reset at some point.

The scan never ran to completion, and in the case of Dr.WEB CureIt! it didn't even start!

Why does it keep resetting?

If you can get into safe mode, do it in safe mode

here's another program you can scan with

Download the SDFix program

In that case maybe you should try this:

http://www.searchengines.pl/Bootowalne- … 12329.html

Apart from that, check the temperature of the components, e.g. with Everest, and the power supply voltages.

Eh, I forgot about safe mode. I've finally got rid of it. Thanks for the help!!!